[PATCH] clamav: Update to 1.0.1

[PATCH] clamav: Update to 1.0.1

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 1823 bytes --]

For details see:
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html

"ClamAV 1.0.1 is a critical patch release with the following fixes:

    CVE-2023-20032: Fixed a possible remote code execution
    vulnerability in the HFS+ file parser. The issue affects versions
    1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
    Thank you to Simon Scannell for reporting this issue.

    CVE-2023-20052: Fixed a possible remote information leak
    vulnerability in the DMG file parser. The issue affects versions
    1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
    Thank you to Simon Scannell for reporting this issue.

    Fix an allmatch detection issue with the preclass bytecode hook."

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
 lfs/clamav | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/clamav b/lfs/clamav
index 24c13f00b..426321c05 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Antivirus Toolkit
 
-VER        = 1.0.0
+VER        = 1.0.1
 
 THISAPP    = clamav-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = clamav
-PAK_VER    = 64
+PAK_VER    = 65
 
 DEPS       =
 
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 62d00a9ceb1849d1517f34194daaa3bb8bbc904e81e3a20791cf0b5f557587cc497e23feb38cdfbb8b152446821eb20d9a4bce18a0c83d1c31474bfed9944c69
+$(DL_FILE)_BLAKE2 = 8f216051eeb94a9196849c9edff2fe0c73e4aa3ca242cf72d91c1692eb2a4688f8e525f638b6870a2f934976435a4272a1f116c1cf3a7cfd194efa91f11fd135
 
 install : $(TARGET)
 
-- 
2.34.1

Re: [PATCH] clamav: Update to 1.0.1

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 2064 bytes --]

Thank you. As this is rather critical, I merged this into c173.

> On 17 Feb 2023, at 18:00, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
> 
> For details see:
> https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
> 
> "ClamAV 1.0.1 is a critical patch release with the following fixes:
> 
>    CVE-2023-20032: Fixed a possible remote code execution
>    vulnerability in the HFS+ file parser. The issue affects versions
>    1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
>    Thank you to Simon Scannell for reporting this issue.
> 
>    CVE-2023-20052: Fixed a possible remote information leak
>    vulnerability in the DMG file parser. The issue affects versions
>    1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.
>    Thank you to Simon Scannell for reporting this issue.
> 
>    Fix an allmatch detection issue with the preclass bytecode hook."
> 
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
> lfs/clamav | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/lfs/clamav b/lfs/clamav
> index 24c13f00b..426321c05 100644
> --- a/lfs/clamav
> +++ b/lfs/clamav
> @@ -26,7 +26,7 @@ include Config
> 
> SUMMARY    = Antivirus Toolkit
> 
> -VER        = 1.0.0
> +VER        = 1.0.1
> 
> THISAPP    = clamav-$(VER)
> DL_FILE    = $(THISAPP).tar.gz
> @@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
> DIR_APP    = $(DIR_SRC)/$(THISAPP)
> TARGET     = $(DIR_INFO)/$(THISAPP)
> PROG       = clamav
> -PAK_VER    = 64
> +PAK_VER    = 65
> 
> DEPS       =
> 
> @@ -50,7 +50,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_BLAKE2 = 62d00a9ceb1849d1517f34194daaa3bb8bbc904e81e3a20791cf0b5f557587cc497e23feb38cdfbb8b152446821eb20d9a4bce18a0c83d1c31474bfed9944c69
> +$(DL_FILE)_BLAKE2 = 8f216051eeb94a9196849c9edff2fe0c73e4aa3ca242cf72d91c1692eb2a4688f8e525f638b6870a2f934976435a4272a1f116c1cf3a7cfd194efa91f11fd135
> 
> install : $(TARGET)
> 
> -- 
> 2.34.1
>